Snowflake Key Pair Auth

Connect to Snowflake via Public Private Key Pair to manage and analyze your data warehouse workloads

Supports authentication: Bearer Token

Usage

Connect a user’s Snowflake account using key-pair authentication and make API calls on their behalf — Scalekit handles token management automatically.

Don’t worry about your Snowflake account domain in the path. Scalekit automatically resolves {{domain}} from the connected account’s configuration. For example, a request with path="/api/v2/statements" will be sent to https://myorg-myaccount.snowflakecomputing.com/api/v2/statements automatically.

1
import { ScalekitClient } from '@scalekit-sdk/node';
2
import 'dotenv/config';
3

4
const connectionName = 'snowflakekeyauth'; // get your connection name from connection configurations
5
const identifier = 'user_123';             // your unique user identifier
6

7
// Get your credentials from app.scalekit.com → Developers → Settings → API Credentials
8
const scalekit = new ScalekitClient(
9
  process.env.SCALEKIT_ENV_URL,
10
  process.env.SCALEKIT_CLIENT_ID,
11
  process.env.SCALEKIT_CLIENT_SECRET
12
);
13
const actions = scalekit.actions;
14

15
// Authenticate the user
16
const { link } = await actions.getAuthorizationLink({
17
  connectionName,
18
  identifier,
19
});
20
console.log('🔗 Authorize Snowflake:', link); // present this link to your user for authorization, or click it yourself for testing
21
process.stdout.write('Press Enter after authorizing...');
22
await new Promise(r => process.stdin.once('data', r));
23

24
// Make a request via Scalekit proxy
25
const result = await actions.request({
26
  connectionName,
27
  identifier,
28
  path: '/api/v2/statements',
29
  method: 'POST',
30
  body: { statement: 'SELECT CURRENT_USER()', timeout: 60 },
31
});
32
console.log(result);

1
import scalekit.client, os
2
from dotenv import load_dotenv
3
load_dotenv()
4

5
connection_name = "snowflakekeyauth"  # get your connection name from connection configurations
6
identifier = "user_123"              # your unique user identifier
7

8
# Get your credentials from app.scalekit.com → Developers → Settings → API Credentials
9
scalekit_client = scalekit.client.ScalekitClient(
10
    client_id=os.getenv("SCALEKIT_CLIENT_ID"),
11
    client_secret=os.getenv("SCALEKIT_CLIENT_SECRET"),
12
    env_url=os.getenv("SCALEKIT_ENV_URL"),
13
)
14
actions = scalekit_client.actions
15

16
# Authenticate the user
17
link_response = actions.get_authorization_link(
18
    connection_name=connection_name,
19
    identifier=identifier
20
)
21
# present this link to your user for authorization, or click it yourself for testing
22
print("🔗 Authorize Snowflake:", link_response.link)
23
input("Press Enter after authorizing...")
24

25
# Make a request via Scalekit proxy
26
result = actions.request(
27
    connection_name=connection_name,
28
    identifier=identifier,
29
    path="/api/v2/statements",
30
    method="POST",
31
    json={"statement": "SELECT CURRENT_USER()", "timeout": 60}
32
)
33
print(result)

Tool list

`snowflakekeyauth_cancel_query`

Cancel a running Snowflake SQL API statement by statement handle.

Name	Type	Required	Description
`request_id`	string	No	Optional request ID used when the statement was submitted
`statement_handle`	string	Yes	Snowflake statement handle to cancel

`snowflakekeyauth_execute_query`

Execute one or more SQL statements against Snowflake using the SQL API. Requires a valid Snowflake OAuth2 connection. Use semicolons to submit multiple statements.

Name	Type	Required	Description
`async`	boolean	No	Execute statement asynchronously and return a statement handle
`bindings`	`object`	No	Bind variables object for ’?’ placeholders in the SQL statement
`database`	string	No	Database to use when executing the statement
`nullable`	boolean	No	When false, SQL NULL values are returned as the string “null”
`parameters`	`object`	No	Statement-level Snowflake parameters as a JSON object
`request_id`	string	No	Unique request identifier (UUID) used for idempotent retries
`retry`	boolean	No	Set true when resubmitting a previously sent request with the same request_id
`role`	string	No	Role to use when executing the statement
`schema`	string	No	Schema to use when executing the statement
`statement`	string	Yes	SQL statement to execute. Use semicolons to send multiple statements in one request.
`timeout`	integer	No	Maximum number of seconds to wait for statement execution
`warehouse`	string	No	Warehouse to use when executing the statement

`snowflakekeyauth_get_columns`

Query INFORMATION_SCHEMA.COLUMNS for column metadata.

Name	Type	Required	Description
`column_name_like`	string	No	Optional column name pattern
`database`	string	Yes	Database name
`limit`	integer	No	Maximum rows
`role`	string	No	Optional role
`schema`	string	No	Optional schema filter
`table`	string	No	Optional table filter
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_get_query_partition`

Get a specific result partition for a Snowflake SQL API statement.

Name	Type	Required	Description
`partition`	integer	Yes	Partition index to fetch (0-based)
`request_id`	string	No	Optional request ID used when the statement was submitted
`statement_handle`	string	Yes	Snowflake statement handle returned by Execute Query

`snowflakekeyauth_get_query_status`

Get Snowflake SQL API statement status and first partition result metadata by statement handle.

Name	Type	Required	Description
`request_id`	string	No	Optional request ID used when the statement was submitted
`statement_handle`	string	Yes	Snowflake statement handle returned by Execute Query

`snowflakekeyauth_get_referential_constraints`

Query INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS.

Name	Type	Required	Description
`database`	string	Yes	Database name
`limit`	integer	No	Maximum rows
`role`	string	No	Optional role
`schema`	string	No	Optional schema filter
`table`	string	No	Optional table filter
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_get_schemata`

Query INFORMATION_SCHEMA.SCHEMATA for schema metadata.

Name	Type	Required	Description
`database`	string	Yes	Database name
`limit`	integer	No	Maximum rows
`role`	string	No	Optional role
`schema_like`	string	No	Optional schema pattern
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_get_table_constraints`

Query INFORMATION_SCHEMA.TABLE_CONSTRAINTS.

Name	Type	Required	Description
`constraint_type`	string	No	Optional constraint type filter
`database`	string	Yes	Database name
`limit`	integer	No	Maximum rows
`role`	string	No	Optional role
`schema`	string	No	Optional schema filter
`table`	string	No	Optional table filter
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_get_tables`

Query INFORMATION_SCHEMA.TABLES for table metadata in a Snowflake database.

Name	Type	Required	Description
`database`	string	Yes	Database name
`limit`	integer	No	Maximum number of rows
`role`	string	No	Optional role
`schema`	string	No	Optional schema filter
`table_name_like`	string	No	Optional table name pattern
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_show_databases_schemas`

Run SHOW DATABASES or SHOW SCHEMAS.

Name	Type	Required	Description
`database_name`	string	No	Optional database scope for SHOW SCHEMAS
`like_pattern`	string	No	Optional LIKE pattern
`object_type`	string	Yes	Object type to show
`role`	string	No	Optional role
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_show_grants`

Run SHOW GRANTS in common modes (to role, to user, of role, on object).

Name	Type	Required	Description
`grant_view`	string	Yes	SHOW GRANTS variant
`object_name`	string	No	Object name for on_object
`object_type`	string	No	Object type for on_object
`role`	string	No	Optional execution role
`role_name`	string	No	Role name (for to_role/of_role)
`user_name`	string	No	User name (for to_user)
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_show_imported_exported_keys`

Run SHOW IMPORTED KEYS or SHOW EXPORTED KEYS for a table. For reliable execution in this environment, use fully-qualified scope (database_name + schema_name + table_name).

Name	Type	Required	Description
`database_name`	string	No	Optional database name (recommended with schema_name)
`key_direction`	string	Yes	Which command to run
`role`	string	No	Optional role
`schema_name`	string	No	Optional schema name (recommended with database_name)
`table_name`	string	Yes	Table name (use with schema_name and database_name for fully-qualified scope)
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_show_primary_keys`

Run SHOW PRIMARY KEYS with optional scope. When using schema_name (or schema_name + table_name), database_name is required for fully-qualified scope.

Name	Type	Required	Description
`database_name`	string	No	Optional database name for scope (required when schema_name is set)
`role`	string	No	Optional role
`schema_name`	string	No	Optional schema name for scope
`table_name`	string	No	Optional table name for scope
`warehouse`	string	No	Optional warehouse

`snowflakekeyauth_show_warehouses`

Run SHOW WAREHOUSES.

Name	Type	Required	Description
`like_pattern`	string	No	Optional LIKE pattern
`role`	string	No	Optional role
`warehouse`	string	No	Optional warehouse